Designed to accelerate the adoption of continuous software assurance practices, the SWAMP facility fills an important niche, as software assurance best practices require the use of multiple testing tools to create a comprehensive view of an application’s weaknesses. According to a NIST research report, different tools find different weaknesses, and over two-thirds of detected software defects were discovered by only one tool. The report went on to explain that it was very rare for the same code defect to be detected by three or more tools (Report on the Static Analysis Tool Exposition (SATE) IV, January 2013). Additionally, the National Security Agency Center for Assured Software published a separate study of over 60,000 test cases with several million lines of source code (6.5 million+ for C/C++ and 3.2 million for Java), which showed that only 14 percent of the known software defects were detected, even when multiple tools were used. To address this deficiency, the SWAMP offers a large collection of both commercial and open-source testing tools to support better software assurance practices and identify a larger array of weaknesses.

List of Tools Available in the SWAMP

Open-Source Tools

After studying data from a wide variety of sources, collecting input from practitioners in the field, and building on the experiences of the SWAMP team members, a collection of open-source static analysis tools is available in the SWAMP today. The SWAMP chooses to integrate tools based on the following:

- They support languages currently available or being integrated into the SWAMP.
- They cover important classes of CWEs such as injections, buffer handling, information leaks, numeric handling, and web deceptions.
- They are at the top of their class for tools of their type.
- Development of the tool does not appear to have stagnated or to have been abandoned.
- They are functionally representative of other tools for the same languages.

If you are an open-source tool developer interested in adding a tool to the SWAMP, please send a request to with a brief description of your tool and your contact information.

Commercial Tools

Commercial tool vendors are committed to improving software assurance as a whole and, as a result, have offered the use of their tools in the SWAMP. This in turn will help advance the state of cybersecurity and improve the resilience of the open-source software relied upon throughout the software community. The following tool vendors have partnered with the SWAMP.

Parasoft’s code analysis for Java (Jtest) and C/C++ (C/C++test) applications helps developers prevent and eliminate defects. By employing 15 years of research resulting in thousands of rules based on industry standards and best practices, testers are able to find code patterns and identify security vulnerabilities quickly.

GrammaTech’s CodeSonar static analysis solution addresses complex embedded developer challenges to eliminate the most costly and hard-to-find defects. Designed for zero-tolerance defect environments, CodeSonar’s advanced static analysis engine catches critical defects while maintaining user-friendly false-positive rates and providing detection of the toughest defects.

If you are a commercial tool developer interested in adding a tool to the SWAMP, please send a request to with a brief description of your tool and your contact information.